API reference
Base URL: https://api.casinocrm.io (managed) or your self-host URL.
Auth
Three auth modes — pick by endpoint group:
| Mode | Used by | Header |
|---|---|---|
| API key | SDK + ingestion endpoints (/v1/events, /v1/players/identify) | Authorization: Bearer ucrm_pk_<env>_<id>_<secret> |
| Clerk session | Admin endpoints | Authorization: Bearer <clerk-jwt> |
| Internal secret | Server-to-server only | X-Internal-Secret: <env> |
API keys are project-scoped (one per project per environment). Generate from Settings → API keys in the admin.
Envelope
Success:
{
"data": { ... },
"meta": { "count": 42 } // optional, paginated endpoints
}
Error:
{
"error": {
"code": "PLAYER_NOT_FOUND",
"message": "Player abc-123 not found",
"details": { ... } // optional
}
}
Pagination
Cursor-based. Encode (last_seen_at, id) for stable pagination across mutations:
GET /v1/players?limit=50&cursor=eyJscyI6Ii4uLiIsImlkIjoiLi4uIn0
Response includes meta.next_cursor when more pages exist; null when done.
Idempotency
POST endpoints that mutate (campaign send, bonus grant, journey trigger) accept Idempotency-Key: <uuid> header. Replays return the same response without re-executing.
Rate limits
Per-API-key:
- Ingestion (
/v1/events): 10K req/sec sustained, 50K burst - Identify (
/v1/players/identify): 1K req/sec - Admin / Clerk-protected: 100 req/sec per session
Exceeded → 429 RATE_LIMITED with Retry-After header.
Endpoint groups
- Auth — API key generation + verification
- Players — CRUD + lifecycle
- Identify — identity merge
- Events — ingestion
- Segments — definitions + refresh
- Templates — message templates
- Campaigns — broadcast send + variants + stats
- Journeys — graph CRUD + triggers + runs
- Bonuses — templates + grants + campaigns
- VIP tiers — ladder CRUD + player tier
- Currencies — catalogue + FX rates
- Tenant config — license / verticals / KYC / RG
- Webhooks — inbound webhook contracts